A leading British PVC manufacturer has been contacting current and former employees to inform them about a “substantial” data breach, according to a law firm.
Derbyshire-based Eurocell, which also operates as a distributor of UPVC windows, doors and roofing products, revealed the news in a letter to those affected, according to data protection law specialist Hayes Connor.
In it, the firm apparently explained that an unauthorized third party accessed its systems. Among the data compromised are: employment terms and conditions; dates of birth; next of kin; bank account, NI and tax reference numbers; right to work documents; health and wellbeing documents, learning and development records; and disciplinary and grievance docs.
That’s quite a trove for possible fraudsters to leverage in subsequent phishing or even extortion campaigns.
Eurocell has apparently indicated that there’s no evidence of the data being misused, but that will be of little comfort to those affected.
It is also unclear how many employees are impacted.
“The company has over 2,000 current employees, but it is possible that many more former employees could also be at risk given the type of information that has been exposed,” warned Hayes Connor legal representative, Christine Sabino.
“Every employer has various obligations when it comes to data security, which means they have a duty to keep sensitive information secure. This type of incident warrants a significant investigation. Our team has started to make our own enquiries into the case and are determined to ensure our clients get the justice they deserve.”
Hayes Connor was in the headlines earlier this year when it announced that over 100 current and former employees of a leading luxury car dealership would be starting legal proceedings against the firm following a data breach there.
On that occasion they had been frustrated by the lack of transparency from LSH Auto around the incident.